Ian Lim, Field Chief Security Officer, Asia Pacific, Palo Alto Networks, explores the possible repercussions of cybersecurity incidents on data centre players in the APAC region, given the increasing importance of data centres for storing and analysing large volumes of data. He discusses the security posture of data centre operators in Asia and the possible ways in which they can protect themselves from cyberattacks.
What are the possible repercussions of cybersecurity incidents on data centre players in the region?
The APAC region could generate 6,000 terabytes of data per second by 2025 as per a recent report. Developing digital infrastructure like data centres will remain critical to storing, processing and analysing large volumes of data for customer insights that will enhance business value.
Data centre players are also leveraging recent innovations like IoT and automation to increase their efficiencies. They are also catering to savvy customers that want access from anywhere, at any time and from any device. While these innovations offer competitive advantages, they also create a larger attack surface, which can translate into increased complexity in cybersecurity.
Data centres store a treasure trove of personal, confidential and financial information about their customers, stakeholders and employees. Criminals can exploit such information, costing businesses millions of dollars to investigate and remediate. It’s important to remember that data centres are valuable targets for cybercriminals and nation-state-backed hackers. In many cases, the attacks aim to steal or even destroy data.
The ramifications of a cybersecurity breach of data centre providers can ripple through major cloud service providers and customers that leverage their environments. It could interfere with Critical Information Infrastructure that ultimately impacts the very fabric of our digital society.
How would you describe the security posture of data centre operators in Asia?
Cloud platforms and the data centres that host them are built with reliability, security and redundancy by design. However, despite our best efforts, cybersecurity incidents are still unavoidable and this is the same scenario we continue to witness in Asia.
Security standards vary based on the type of data centre your business is built upon. If your business subscribes to a third-party cloud service provider for data management and storage, you would likely use a public cloud data centre. It is essential to research the security standards of your service provider and ensure that they have achieved security standards and certifications that are on par or better than their peers.
Threats impacting the physical security of data centres can be equally damaging. Hence, businesses must also validate that data centres are committed to securing their physical network infrastructure.
Can cyberattacks bring data centre operations to a standstill?
The financial consequences of data centre outages can be high. The Uptime Institute Global Survey of IT and Data Centre Managers 2020 revealed that four in 10 outages cost between US$100,000 and US$1 million, and about one in six cost over US$1 million.
A cybersecurity breach in data centres has the potential to stall operations, leading to serious financial losses. It can also harm workers, equipment and the environment, along with some irreparable damage such as the destruction of data and much more.
For example, an attack on a data centre’s HVAC system could compromise the ability of a data centre to cool its servers. Without cooling, the data centre has to power down its equipment to avoid a greater catastrophe. This recently happened in our region at the beginning of the year. It wasn’t a cyberattack, but we saw how issues with HVAC brought important business operations down across the region. To conclude, cyberattacks can cause significant business interruption, disruption and lost revenues.
What are the possible ways in which hackers can gain access to data centre login credentials?
Data centres offer a lucrative opportunity for attackers to launch supply chain attacks. By compromising a data centre, they have the ability to backdoor into major companies and even cloud service providers.
Data centre operators have a variety of portals that are accessed by their customers, their administrators, their third-party contractors and so forth. Each portal presents an avenue for credential attacks. There are a variety of ways credentials can be attacked. If these portals have single-factor authentication, then they are highly susceptible to brute force and dictionary attacks. Weak endpoints can be compromised through phishing attacks. If 2FA is used, the level of protection is much higher. However, there are attacks targeting 2FA such as SIM swapping and man-in-the-middle attacks.
How can data centre operators protect themselves from such attacks?
Basic security hygiene enhancements such as automated vulnerability/patch management, strong password enforcement and Two-Factor Authentication (2FA) and adding security checks early in a software development or DevOps life cycle contribute to raising the security posture in the long run and making it challenging for attackers.
Specific to credential attacks, the use of hardware cryptographic tokens like FIDO2 would greatly limit the attack surfaces. However, these tokens create ease-of-use issues and should be used only for consequential access. Another form of defence can be to execute the Zero Trust principle of continuous validation on privileged access. Deploy access monitoring capabilities that will actively detect anomalies in usage and access patterns.
Data centres are also becoming increasingly open to having partnerships with business partners, distributors, customers, contractors and vendors, exposing themselves to potentially vulnerable third parties and introducing their security vulnerabilities. Security must be enforced at multiple points to follow workloads everywhere — on the perimeter, network fabric and host. Implementing best practices will help better protect dynamic data and application workloads. Protecting core applications and sensitive data requires cloud-centric, cloud-delivered security agility to converge with Zero Trust Enterprise Architecture principles. By leveraging automation to reduce engineering and delivering consistent security, data centre operators can implement Zero Trust to secure their applications, users and devices.
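The two credential-attack patterns named in the answer on portal logins (brute-force and dictionary attacks against single-factor portals) and the "anomalies in usage and access patterns" that the access-monitoring advice above asks for can both be caught from the portal's own authentication log. The script below is an added example written for this article; it is not code from the interviewee or from Palo Alto Networks. The log format, field names, thresholds, account names and the "known-good country" baseline are all assumptions chosen for illustration, and the log lines are constructed, not real traffic.

```python
"""Detecting credential attacks against portal logins from an authentication log.

Added example for this article, not the interviewee's or any vendor's code.
The log format, thresholds, account names and the country baseline are
assumptions chosen for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real traffic).  Assumed format, one event per line:
#   <ISO-8601 timestamp> <portal> <FAIL|SUCCESS> <username> <source IP> <country>
SAMPLE_LOG = """\
2024-03-01T09:00:01Z customer-portal FAIL alice 198.51.100.7 SG
2024-03-01T09:00:02Z customer-portal FAIL alice 198.51.100.7 SG
2024-03-01T09:00:03Z customer-portal FAIL alice 198.51.100.7 SG
2024-03-01T09:00:04Z customer-portal FAIL alice 198.51.100.7 SG
2024-03-01T09:00:05Z customer-portal FAIL alice 198.51.100.7 SG
2024-03-01T09:01:00Z customer-portal FAIL frank 192.0.2.44 SG
2024-03-01T09:02:00Z admin-portal SUCCESS dc-admin 192.0.2.10 SG
2024-03-01T09:05:00Z customer-portal FAIL bob 203.0.113.9 DE
2024-03-01T09:05:30Z customer-portal FAIL carol 203.0.113.9 DE
2024-03-01T09:06:00Z customer-portal FAIL dave 203.0.113.9 DE
2024-03-01T09:06:30Z customer-portal FAIL erin 203.0.113.9 DE
2024-03-01T09:07:00Z admin-portal SUCCESS dc-admin 203.0.113.9 DE
"""

# Detection thresholds (assumed; tune to the portal's real traffic).
BRUTE_WINDOW, BRUTE_THRESHOLD = timedelta(seconds=60), 5    # failures on one account from one IP
SPRAY_WINDOW, SPRAY_THRESHOLD = timedelta(seconds=300), 4   # distinct accounts failing from one IP
PRIVILEGED = {"dc-admin", "hvac-svc"}                       # assumed privileged accounts
KNOWN_COUNTRIES = {"dc-admin": {"SG"}}                      # assumed baseline of normal login origins


def parse_line(line):
    """Split one assumed-format log line into a dict with a parsed timestamp."""
    ts, portal, outcome, user, ip, country = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "portal": portal,
            "outcome": outcome, "user": user, "ip": ip, "country": country}


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect(events):
    """Run three rules over time-ordered events and return the alerts raised.

    BRUTE_FORCE    - one source IP fails repeatedly against one account (dictionary attack).
    PASSWORD_SPRAY - one source IP fails against many different accounts.
    NEW_ORIGIN     - a privileged account logs in successfully from a country not in
                     its baseline (an anomaly in access patterns).
    """
    alerts, fired = [], set()
    fails_by_ip_user = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    fails_by_ip = defaultdict(deque)        # ip -> (timestamp, user) of recent failures
    baseline = {u: set(c) for u, c in KNOWN_COUNTRIES.items()}

    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["outcome"] == "FAIL":
            key = (e["ip"], e["user"])
            q = fails_by_ip_user[key]
            q.append(e["ts"])
            while e["ts"] - q[0] > BRUTE_WINDOW:     # drop failures outside the sliding window
                q.popleft()
            if len(q) >= BRUTE_THRESHOLD and ("BRUTE_FORCE", key) not in fired:
                fired.add(("BRUTE_FORCE", key))      # alert once per (ip, user), not per failure
                alerts.append({"rule": "BRUTE_FORCE", "ip": e["ip"], "user": e["user"],
                               "failures": len(q), "at": e["ts"]})

            q = fails_by_ip[e["ip"]]
            q.append((e["ts"], e["user"]))
            while e["ts"] - q[0][0] > SPRAY_WINDOW:
                q.popleft()
            users = {u for _, u in q}
            if len(users) >= SPRAY_THRESHOLD and ("PASSWORD_SPRAY", e["ip"]) not in fired:
                fired.add(("PASSWORD_SPRAY", e["ip"]))
                alerts.append({"rule": "PASSWORD_SPRAY", "ip": e["ip"],
                               "users": len(users), "at": e["ts"]})

        elif e["outcome"] == "SUCCESS" and e["user"] in PRIVILEGED:
            seen = baseline.setdefault(e["user"], set())
            if not seen:
                seen.add(e["country"])       # first observation seeds an empty baseline
            elif e["country"] not in seen:   # not auto-learned: an analyst confirms it
                alerts.append({"rule": "NEW_ORIGIN", "user": e["user"], "ip": e["ip"],
                               "country": e["country"], "at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed log this raises three alerts: a brute-force alert for alice from 198.51.100.7 on the fifth failure, a password-spray alert for 203.0.113.9 once it has failed against four different accounts, and a new-origin alert when dc-admin succeeds from DE, which is outside that account's SG baseline. The windows are sliding, so a slow attacker who stays under the threshold per window is not caught by these two rules alone; the per-IP distinct-user rule is what catches spraying that keeps per-account failures low.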